Fix oss-fuzz priority issue

plugins/dynamic-security/clients.c

@@ -232,6 +232,7 @@ int dynsec_clients__config_load(struct dynsec__data *data, cJSON *tree)
 						if(json_get_string(j_role, "rolename", &rolename, false) == MOSQ_ERR_SUCCESS){
 							json_get_int(j_role, "priority", &priority, true, -1);
 							if(priority > PRIORITY_MAX) priority = PRIORITY_MAX;
+							if(priority < -PRIORITY_MAX) priority = -PRIORITY_MAX;
 							role = dynsec_roles__find(data, rolename);
 							dynsec_rolelist__client_add(client, role, priority);
 						}

plugins/dynamic-security/groups.c

@@ -127,6 +127,7 @@ int dynsec_groups__process_add_role(struct dynsec__data *data, struct mosquitto_
 	}
 	json_get_int(cmd->j_command, "priority", &priority, true, -1);
 	if(priority > PRIORITY_MAX) priority = PRIORITY_MAX;
+	if(priority < -PRIORITY_MAX) priority = -PRIORITY_MAX;
 
 	group = dynsec_groups__find(data, groupname);
 	if(group == NULL){
@@ -261,6 +262,7 @@ int dynsec_groups__config_load(struct dynsec__data *data, cJSON *tree)
 						if(json_get_string(j_role, "rolename", &rolename, false) == MOSQ_ERR_SUCCESS){
 							json_get_int(j_role, "priority", &priority, true, -1);
 							if(priority > PRIORITY_MAX) priority = PRIORITY_MAX;
+							if(priority < -PRIORITY_MAX) priority = -PRIORITY_MAX;
 							role = dynsec_roles__find(data, rolename);
 							dynsec_rolelist__group_add(group, role, priority);
 						}
@@ -281,6 +283,7 @@ int dynsec_groups__config_load(struct dynsec__data *data, cJSON *tree)
 						if(json_get_string(j_client, "username", &username, false) == MOSQ_ERR_SUCCESS){
 							json_get_int(j_client, "priority", &priority, true, -1);
 							if(priority > PRIORITY_MAX) priority = PRIORITY_MAX;
+							if(priority < -PRIORITY_MAX) priority = -PRIORITY_MAX;
 							dynsec_groups__add_client(data, username, group->groupname, priority, false);
 						}
 					}
@@ -560,6 +563,7 @@ int dynsec_groups__process_add_client(struct dynsec__data *data, struct mosquitt
 
 	json_get_int(cmd->j_command, "priority", &priority, true, -1);
 	if(priority > PRIORITY_MAX) priority = PRIORITY_MAX;
+	if(priority < -PRIORITY_MAX) priority = -PRIORITY_MAX;
 
 	rc = dynsec_groups__add_client(data, username, groupname, priority, true);
 	if(rc == MOSQ_ERR_SUCCESS){
@@ -1017,6 +1021,7 @@ int dynsec_groups__process_modify(struct dynsec__data *data, struct mosquitto_co
 				if(json_get_string(j_client, "username", &username, false) == MOSQ_ERR_SUCCESS){
 					json_get_int(j_client, "priority", &priority, true, -1);
 					if(priority > PRIORITY_MAX) priority = PRIORITY_MAX;
+					if(priority < -PRIORITY_MAX) priority = -PRIORITY_MAX;
 					dynsec_groups__add_client(data, username, groupname, priority, false);
 				}
 			}

plugins/dynamic-security/roles.c

@@ -237,6 +237,7 @@ static int dynsec_roles__acl_load(cJSON *j_acls, const char *key, struct dynsec_
 
 		json_get_int(j_acl, "priority", &acl->priority, true, 0);
 		if(acl->priority > PRIORITY_MAX) acl->priority = PRIORITY_MAX;
+		if(acl->priority < -PRIORITY_MAX) acl->priority = -PRIORITY_MAX;
 		json_get_bool(j_acl, "allow", &acl->allow, true, false);
 
 		bool allow;
@@ -677,6 +678,7 @@ int dynsec_roles__process_add_acl(struct dynsec__data *data, struct mosquitto_co
 
 	json_get_int(cmd->j_command, "priority", &acl->priority, true, 0);
 	if(acl->priority > PRIORITY_MAX) acl->priority = PRIORITY_MAX;
+	if(acl->priority < -PRIORITY_MAX) acl->priority = -PRIORITY_MAX;
 	json_get_bool(cmd->j_command, "allow", &acl->allow, true, false);
 
 	HASH_ADD_INORDER(hh, *acllist, topic, topic_len, acl, insert_acl_cmp);